1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
replace deprecated GnuTLS functions with newer ones if available
closes https://github.com/rsyslog/rsyslog/issues/302
Upstream fix https://github.com/rsyslog/rsyslog/commit/b34c35e38f258935c0e92ca754da097d7f3f0f58
Upstream-Status: Backport
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
---
configure.ac | 2 ++
runtime/nsd_gtls.c | 21 ++++++++++++++++++---
2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index 643fc94..56835fb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -763,6 +763,8 @@ AC_ARG_ENABLE(gnutls,
if test "x$enable_gnutls" = "xyes"; then
PKG_CHECK_MODULES(GNUTLS, gnutls >= 1.4.0)
AC_DEFINE([ENABLE_GNUTLS], [1], [Indicator that GnuTLS is present])
+ AC_CHECK_LIB(gnutls, gnutls_global_init)
+ AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function,,)
fi
AM_CONDITIONAL(ENABLE_GNUTLS, test x$enable_gnutls = xyes)
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index a763e4b..e127834 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -232,15 +232,26 @@ gtlsLoadOurCertKey(nsd_gtls_t *pThis)
*/
static int
gtlsClientCertCallback(gnutls_session session,
- __attribute__((unused)) const gnutls_datum* req_ca_rdn, int __attribute__((unused)) nreqs,
- __attribute__((unused)) const gnutls_pk_algorithm* sign_algos, int __attribute__((unused)) sign_algos_length,
- gnutls_retr_st *st)
+ __attribute__((unused)) const gnutls_datum* req_ca_rdn,
+ int __attribute__((unused)) nreqs,
+ __attribute__((unused)) const gnutls_pk_algorithm* sign_algos,
+ int __attribute__((unused)) sign_algos_length,
+#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
+ gnutls_retr2_st* st
+#else
+ gnutls_retr_st *st
+#endif
+ )
{
nsd_gtls_t *pThis;
pThis = (nsd_gtls_t*) gnutls_session_get_ptr(session);
+#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
+ st->cert_type = GNUTLS_CRT_X509;
+#else
st->type = GNUTLS_CRT_X509;
+#endif
st->ncerts = 1;
st->cert.x509 = &pThis->ourCert;
st->key.x509 = pThis->ourKey;
@@ -1625,7 +1625,11 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host)
gnutls_session_set_ptr(pThis->sess, (void*)pThis);
iRet = gtlsLoadOurCertKey(pThis); /* first load .pem files */
if(iRet == RS_RET_OK) {
+# if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
+ gnutls_certificate_set_retrieve_function(xcred, gtlsClientCertCallback);
+# else
gnutls_certificate_client_set_retrieve_function(xcred, gtlsClientCertCallback);
+# endif
} else if(iRet != RS_RET_CERTLESS) {
FINALIZE; /* we have an error case! */
}
|